search cancel

Files being quarantined even though exceptions are set

book

Article ID: 174705

calendar_today

Updated On:

Products

Endpoint Protection

Issue/Introduction

Endpoint Protection 14 or above detects suspected non-malicious files even though exceptions/exclusions are in place.  The files are being detected as heuristic and detected as AdvML.A, AdvML.B or similar.

Resolution

First, ensure that exceptions/exclusions have been applied correctly for Auto-Protect.

In the Virus and Spyware Protection policy under Global Scan Options, ensure that Bloodhound is configured as Automatic and not Aggressive.

Also ensure that the endpoints have reliable, robust connectivity to online Reputation servers. If this is not present, an increased number of False Positives can be expected from the Advanced Machine Learning component introduced in SEP 14.

For further troubleshooting see the following articles:

For detections on internally developed applications:
If detections continue, collect 6 to 9 samples of the files being detected as AdvML and submit them by choosing to the 'Clean Software Incorrectly Detected' tile at https://symsubmit.symantec.com/  Provide these to your Technical Support contact. Engineers will examine the files and develop an solution if possible.